Error Handling / Debugging / Security:
The default error handling in PHP is very simple: an error message with the filename, line number and a description of the error is sent to the browser.
PHP Error Handling:
When creating scripts and web applications, error handling is an important part. If your code lacks error-checking code, your program may look very unprofessional and you may be open to security risks, since the default message reveals internal details such as file paths and line numbers.
Basic Error Handling: Using the die() function:
The first example shows a simple script that opens a text file.
<?php
$file = fopen("welcome.txt","r");
?>
If the file doesn't exist we might get an error like the one below:
warning: fopen(welcome.txt) [function.fopen]: failed to open stream: No such file or directory in C:\xampp\htdocs\error.php on line 2.
To prevent the user from getting an error message like the one above, we test whether the file exists before we try to access it:
<?php
// Stop with a short message instead of letting PHP print its own warning
if (!file_exists("welcome.txt")) {
    die("File not found");
} else {
    $file = fopen("welcome.txt", "r");
}
?>
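The die() check above still leaves any other warning (a permission error, a bad path) to PHP's default output. The following added example, which is not from the original post, shows the fuller pattern: disable on-screen errors, turn warnings into exceptions, log the detail server-side and show the visitor only the generic "File not found". The log path /var/log/app/error.log is an assumed placeholder.

```php
<?php
// Added example (not from the original post): handle the fopen() failure
// without leaking the path and line number shown in the warning above.
// Assumes a writable log file at /var/log/app/error.log (placeholder path).

// Never echo raw errors to the visitor; record them in the log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');
ini_set('error_log', '/var/log/app/error.log');

// Turn warnings (e.g. "failed to open stream") into exceptions so that a
// single catch block handles them and nothing reaches the browser raw.
set_error_handler(function (int $severity, string $message, string $file, int $line): bool {
    if (!(error_reporting() & $severity)) {
        return false; // respect the @ operator / suppressed levels
    }
    throw new ErrorException($message, 0, $severity, $file, $line);
});

/**
 * Read a text file and return its contents, or null if it cannot be read.
 * The caller gets a generic result; the detailed reason goes to the log.
 */
function readTextFile(string $path): ?string
{
    try {
        if (!is_file($path) || !is_readable($path)) {
            throw new RuntimeException("not a readable file: $path");
        }
        $file = fopen($path, 'r');
        $contents = stream_get_contents($file);
        fclose($file);
        return $contents;
    } catch (Throwable $e) {
        // Full detail (path, file, line) stays server-side.
        error_log(sprintf('readTextFile failed: %s in %s:%d',
            $e->getMessage(), $e->getFile(), $e->getLine()));
        return null;
    }
}

$contents = readTextFile('welcome.txt');
if ($contents === null) {
    // Same user-facing message as die("File not found"), but no internal detail.
    http_response_code(404);
    exit('File not found');
}
echo htmlspecialchars($contents, ENT_QUOTES, 'UTF-8');
```

Escaping the file contents with htmlspecialchars() before echoing is what keeps this page free of the cross-site scripting issue mentioned in the security section below.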
You can read more about PHP error handling at the following links:
- https://www.w3schools.com/php/php_error.asp
- https://www.tutorialspoint.com/php/php_error_handling.htm
- https://www.sitepoint.com/error-handling-in-php/
Or you can view one of the following videos to get the idea about error handling:
PHP Security:
The security of a website built with PHP is crucial above all. The developer is held responsible for any vulnerability in the website; that is the main reason security should be prioritized first and all the test cases should be tested. Some of the main points in PHP security include:
- Form Validation
- SQL Injection
- Metasploit
- Cross-Site Scripting
You can read more about these topics and how to improve the security of the website at any of the following links:
- W3 Schools | SQL Injection |
- Virtue Security | Cross Site Scripting
- OWASP | Preventing Cross site Scripting
Demo for SQL Injection | Cross-Site Scripting attack | Metasploit:
SQL Injection basics demo:
Cross-site Scripting Explained:
SQL Injection Explained: